#include <krb5.h>
#include <stdio.h>
#include <arpa/telnet.h>
#ifdef __STDC__
#include <stdlib.h>
#endif
#include "externs.h"
extern boolean_t encrypt_debug_mode;
extern krb5_context telnet_context;
#define KEYFLAG_SHIFT 2
#define SHIFT_VAL(a, b) (KEYFLAG_SHIFT*((a)+((b)*2)))
static struct _fb {
Block temp_feed;
int state[2];
int keyid[2];
int once;
unsigned char fb_feed[64];
boolean_t need_start;
boolean_t validkey;
struct stinfo {
Block str_output;
Block str_feed;
Block str_iv;
unsigned char str_keybytes[DES_BLOCKSIZE];
krb5_keyblock str_key;
int str_index;
int str_flagshift;
} streams[2];
} des_cfb;
static void cfb64_stream_iv(Block, struct stinfo *);
static void cfb64_stream_key(Block, struct stinfo *);
static void
ecb_encrypt(struct stinfo *stp, Block in, Block out)
{
krb5_error_code code;
krb5_data din;
krb5_enc_data dout;
din.length = DES_BLOCKSIZE;
din.data = (char *)in;
dout.ciphertext.length = DES_BLOCKSIZE;
dout.ciphertext.data = (char *)out;
dout.enctype = ENCTYPE_UNKNOWN;
code = krb5_c_encrypt(telnet_context, &stp->str_key, 0, NULL,
&din, &dout);
if (code)
(void) fprintf(stderr, gettext(
"Error encrypting stream data (%s)\r\n"), code);
}
void
cfb64_init(void)
{
register struct _fb *fbp = &des_cfb;
(void) memset((void *)fbp, 0, sizeof (*fbp));
fbp->state[0] = des_cfb.state[1] = ENCR_STATE_FAILED;
fbp->fb_feed[0] = IAC;
fbp->fb_feed[1] = SB;
fbp->fb_feed[2] = TELOPT_ENCRYPT;
fbp->fb_feed[3] = ENCRYPT_IS;
fbp->fb_feed[4] = TELOPT_ENCTYPE_DES_CFB64;
fbp->streams[TELNET_DIR_DECRYPT].str_flagshift =
SHIFT_VAL(0, CFB);
fbp->streams[TELNET_DIR_ENCRYPT].str_flagshift =
SHIFT_VAL(1, CFB);
}
int
cfb64_start(int dir)
{
struct _fb *fbp = &des_cfb;
int x;
unsigned char *p;
register int state;
switch (dir) {
case TELNET_DIR_DECRYPT:
state = fbp->state[dir];
if (state == ENCR_STATE_FAILED)
state = ENCR_STATE_IN_PROGRESS;
break;
case TELNET_DIR_ENCRYPT:
state = fbp->state[dir];
if (state == ENCR_STATE_FAILED)
state = ENCR_STATE_IN_PROGRESS;
else if ((state & ENCR_STATE_NO_SEND_IV) == 0)
break;
if (!fbp->validkey) {
fbp->need_start = B_TRUE;
break;
}
state &= ~ENCR_STATE_NO_SEND_IV;
state |= ENCR_STATE_NO_RECV_IV;
if (encrypt_debug_mode)
(void) printf(gettext("Creating new feed\r\n"));
{
krb5_data d;
krb5_error_code code;
d.data = (char *)fbp->temp_feed;
d.length = sizeof (fbp->temp_feed);
code = krb5_c_random_make_octets(telnet_context, &d);
if (code != 0)
return (ENCR_STATE_FAILED);
}
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
for (x = 0; x < sizeof (Block); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
(void) net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
default:
return (ENCR_STATE_FAILED);
}
return (fbp->state[dir] = state);
}
int
cfb64_is(unsigned char *data, int cnt)
{
unsigned char *p;
struct _fb *fbp = &des_cfb;
register int state = fbp->state[TELNET_DIR_DECRYPT];
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV:
if (cnt != sizeof (Block)) {
if (encrypt_debug_mode)
(void) printf(gettext(
"CFB64: initial vector failed "
"on size\r\n"));
state = ENCR_STATE_FAILED;
goto failure;
}
if (encrypt_debug_mode)
(void) printf(gettext(
"CFB64: initial vector received\r\n"));
if (encrypt_debug_mode)
(void) printf(gettext(
"Initializing Decrypt stream\r\n"));
cfb64_stream_iv((void *)data,
&fbp->streams[TELNET_DIR_DECRYPT]);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_OK;
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
(void) net_write(fbp->fb_feed, p - fbp->fb_feed);
state = fbp->state[TELNET_DIR_DECRYPT] = ENCR_STATE_IN_PROGRESS;
break;
default:
if (encrypt_debug_mode) {
(void) printf(gettext(
"Unknown option type: %d\r\n"), *(data-1));
printd(data, cnt);
(void) printf("\r\n");
}
failure:
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_BAD;
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
(void) net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
}
return (fbp->state[TELNET_DIR_DECRYPT] = state);
}
int
cfb64_reply(unsigned char *data, int cnt)
{
struct _fb *fbp = &des_cfb;
register int state = fbp->state[TELNET_DIR_ENCRYPT];
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV_OK:
cfb64_stream_iv(fbp->temp_feed,
&fbp->streams[TELNET_DIR_ENCRYPT]);
if (state == ENCR_STATE_FAILED)
state = ENCR_STATE_IN_PROGRESS;
state &= ~ENCR_STATE_NO_RECV_IV;
encrypt_send_keyid(TELNET_DIR_ENCRYPT,
(unsigned char *)"\0", 1, 1);
break;
case FB64_IV_BAD:
(void) memset(fbp->temp_feed, 0, sizeof (Block));
cfb64_stream_iv(fbp->temp_feed,
&fbp->streams[TELNET_DIR_ENCRYPT]);
state = ENCR_STATE_FAILED;
break;
default:
if (encrypt_debug_mode) {
(void) printf(gettext(
"Unknown option type: %d\r\n"), data[-1]);
printd(data, cnt);
(void) printf("\r\n");
}
failure:
state = ENCR_STATE_FAILED;
break;
}
return (fbp->state[TELNET_DIR_ENCRYPT] = state);
}
void
cfb64_session(Session_Key *key)
{
struct _fb *fbp = &des_cfb;
if (!key || key->type != SK_DES) {
if (encrypt_debug_mode)
(void) printf(gettext(
"Can't set DES's session key (%d != %d)\r\n"),
key ? key->type : -1, SK_DES);
return;
}
fbp->validkey = B_TRUE;
cfb64_stream_key(key->data, &fbp->streams[TELNET_DIR_ENCRYPT]);
cfb64_stream_key(key->data, &fbp->streams[TELNET_DIR_DECRYPT]);
if (fbp->need_start) {
fbp->need_start = B_FALSE;
(void) cfb64_start(TELNET_DIR_ENCRYPT);
}
}
int
cfb64_keyid(dir, kp, lenp)
int dir, *lenp;
unsigned char *kp;
{
struct _fb *fbp = &des_cfb;
register int state = fbp->state[dir];
if (*lenp != 1 || (*kp != '\0')) {
*lenp = 0;
return (state);
}
if (state == ENCR_STATE_FAILED)
state = ENCR_STATE_IN_PROGRESS;
state &= ~ENCR_STATE_NO_KEYID;
return (fbp->state[dir] = state);
}
void
cfb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
char lbuf[ENCR_LBUF_BUFSIZ];
register int i;
char *cp;
unsigned char type[] = "CFB64";
buf[buflen-1] = '\0';
buflen -= 1;
switch (data[2]) {
case FB64_IV:
(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, "%s_IV", type);
cp = lbuf;
goto common;
case FB64_IV_OK:
(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, "%s_IV_OK", type);
cp = lbuf;
goto common;
case FB64_IV_BAD:
(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, "%s_IV_BAD", type);
cp = lbuf;
goto common;
default:
(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, " %d (unknown)",
data[2]);
cp = lbuf;
common:
for (; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
for (i = 3; i < cnt; i++) {
(void) snprintf(lbuf, ENCR_LBUF_BUFSIZ, " %d", data[i]);
for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
}
break;
}
}
static void
cfb64_stream_iv(Block seed, register struct stinfo *stp)
{
(void) memcpy((void *)stp->str_iv, (void *)seed, sizeof (Block));
(void) memcpy((void *)stp->str_output, (void *)seed, sizeof (Block));
stp->str_index = sizeof (Block);
}
void
cfb64_stream_key(Block key, register struct stinfo *stp)
{
(void) memcpy((void *)stp->str_keybytes, (void *)key, sizeof (Block));
stp->str_key.length = DES_BLOCKSIZE;
stp->str_key.contents = stp->str_keybytes;
stp->str_key.enctype = ENCTYPE_DES_CBC_RAW;
(void) memcpy((void *)stp->str_output, (void *)stp->str_iv,
sizeof (Block));
stp->str_index = sizeof (Block);
}
void
cfb64_encrypt(register unsigned char *s, int c)
{
register struct stinfo *stp =
&des_cfb.streams[TELNET_DIR_ENCRYPT];
register int index;
index = stp->str_index;
while (c-- > 0) {
if (index == sizeof (Block)) {
Block b;
ecb_encrypt(stp, stp->str_output, b);
(void) memcpy((void *)stp->str_feed, (void *)b,
sizeof (Block));
index = 0;
}
*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
s++;
index++;
}
stp->str_index = index;
}
int
cfb64_decrypt(int data)
{
register struct stinfo *stp =
&des_cfb.streams[TELNET_DIR_DECRYPT];
int index;
if (data == -1) {
if (stp->str_index)
--stp->str_index;
return (0);
}
index = stp->str_index++;
if (index == sizeof (Block)) {
Block b;
ecb_encrypt(stp, stp->str_output, b);
(void) memcpy((void *)stp->str_feed, (void *)b, sizeof (Block));
stp->str_index = 1;
index = 0;
}
stp->str_output[index] = data;
return (data ^ stp->str_feed[index]);
}
